10-15
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
 
Chapter 10      Integrating with LDAP
Note
Use the Test Queries button in the External Authentication Queries section of the page (or the ldaptest command) to verify that your queries return the expected results. For related information, see .
Step 4
Set up external authentication to use the LDAP server. Enable the appliance to use the LDAP server for user authentication and assign user roles to the groups in the LDAP directory. For more information, see  and the “Adding Users” in the Cisco IronPort AsyncOS for Email Security Advanced User Guide.
User Accounts Query for Authenticating Administrative Users
To authenticate external users, AsyncOS uses a query to search for the user record in the LDAP directory and the attribute that contains the user’s full name. Depending on the server type you select, AsyncOS enters a default query and a default attribute. You can choose to have your appliance deny users with expired accounts if your LDAP user records carry the attributes defined in RFC 2307 (shadowLastChange, shadowMax, and shadowExpire). The base DN is required for the domain level where user records reside.
Table 10-5 shows the default query string and full user name attribute that AsyncOS uses when it searches for a user account on an Active Directory server.

Table 10-5    Default Query String for Active Directory Server

Server Type:                               Active Directory
Base DN:                                   [blank] (You need to use a specific base DN to find the user records.)
Query String:                              (&(objectClass=user)(sAMAccountName={u}))
Attribute containing the user’s full name: displayName

Table 10-6 shows the default query string and full user name attribute that AsyncOS uses when it searches for a user account on an OpenLDAP server.

Table 10-6    Default Query String for Open LDAP Server

Server Type:                               OpenLDAP
Base DN:                                   [blank] (You need to use a specific base DN to find the user records.)
Query String:                              (&(objectClass=posixAccount)(uid={u}))
Attribute containing the user’s full name: gecos

Group Membership Queries for Authenticating Administrative Users
You can associate LDAP groups with user roles for accessing the appliance.
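The following is an added example, not code from the Cisco guide or from AsyncOS: it shows how the default user-account query strings in Tables 10-5 and 10-6 are expanded for a login name (with RFC 4515 escaping of the substituted value, an assumption about safe handling that the guide does not describe), and how the RFC 2307 shadow attributes named above can be evaluated to deny an expired account. The expiry rules follow the shadow(5) conventions, which is also an assumption.

```python
# Added example (not Cisco's code). Expands the AsyncOS default query
# templates from Tables 10-5/10-6 and evaluates RFC 2307 shadow attributes
# (shadowLastChange, shadowMax, shadowExpire) the way shadow(5) does.
import datetime

# Default query templates exactly as listed on this page; {u} is the login.
QUERY_TEMPLATES = {
    "Active Directory": "(&(objectClass=user)(sAMAccountName={u}))",
    "OpenLDAP": "(&(objectClass=posixAccount)(uid={u}))",
}

# RFC 4515 escapes for characters that would otherwise alter the filter's
# structure when a login name is substituted into it (our addition).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_query(server_type: str, username: str) -> str:
    """Substitute {u} in the server type's default query string."""
    template = QUERY_TEMPLATES[server_type]
    return template.replace("{u}", escape_filter_value(username))


def days_since_epoch(day: datetime.date) -> int:
    """Shadow attributes are day counts since 1970-01-01."""
    return (day - datetime.date(1970, 1, 1)).days


def shadow_account_expired(entry: dict, today_days: int) -> bool:
    """True if the record should be denied under the shadow(5) rules:
    shadowExpire is an absolute expiry day (negative/absent: no expiry);
    shadowMax is how many days a password stays valid after the day in
    shadowLastChange (negative/absent: no password ageing)."""
    expire = int(entry.get("shadowExpire", -1))
    if expire >= 0 and today_days >= expire:
        return True
    last_change = entry.get("shadowLastChange")
    max_age = int(entry.get("shadowMax", -1))
    if last_change is not None and max_age >= 0:
        return today_days > int(last_change) + max_age
    return False


if __name__ == "__main__":
    today = days_since_epoch(datetime.date.today())
    print(build_user_query("OpenLDAP", "jdoe"))
    # Constructed sample record: password set 120 days ago, valid for 90.
    sample = {"shadowLastChange": str(today - 120), "shadowMax": "90"}
    print(shadow_account_expired(sample, today))
```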